The unauthenticated (remote) check is platform-independent and relies on a bidirectional connection with port 13456. You can copy an existing scan template or create a new custom scan template that only checks for Log4Shell vulnerabilities. After installing the product and content updates, restart your console and engines. Product version 6.6.121 includes updates to checks for the Log4j vulnerability. You can scan your environment for Log4Shell vulnerabilities with a customized scan template and quickly determine and report on impact using the Specific Vulnerability dashboard template. Organizations should be prepared for a continual stream of downstream advisories from third-party software producers who include Log4j among their dependencies.
CISA has also published an alert advising immediate mitigation of CVE-2021-44228.Ī huge swath of products, frameworks, and cloud services implement Log4j, which is a popular Java logging library. We expect attacks to continue and increase: Defenders should invoke emergency mitigation processes as quickly as possible. Rapid7 researchers have developed and tested a proof-of-concept exploit that works against the latest Struts2 Showcase (2.5.27) running on Tomcat. Multiple sources have noted both scanning and exploit attempts against this vulnerability. CVE-2021-44228 is being broadly and opportunistically exploited in the wild as of December 10, 2021.
Successful exploitation of CVE-2021-44228 can allow a remote, unauthenticated attacker to take full control of a vulnerable target system.